Clawzempic
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may execute the audit script on the local machine or, if requested, on a remote host via SSH.
The skill asks the agent to run a local shell audit script and supports a remote SSH mode. This is disclosed and central to the audit purpose, but users should confirm the target before running it.
Run `bash skills/clawzembic/lean-audit.sh` (or `--remote user@claudette` for the VM)
Run it only for OpenClaw instances you intend to audit, and verify any remote hostname before approving remote use.
If remote mode is used, the script runs with whatever permissions the SSH account has on the remote OpenClaw instance.
Remote mode uses the user's existing SSH identity and permissions on the target host. This is disclosed and optional, but it is still delegated account access.
For remote instances, ensure SSH key-based auth is configured. The skill uses SSH to execute the audit remotely.
Use a least-privileged SSH account where possible and only target hosts you control or are authorized to audit.
Audit output may include details such as oversized memory files, cron job names, session bloat, or transcript sizes from the user's OpenClaw environment.
The audit examines persistent OpenClaw state, including memory/context files, sessions, cron configuration, skills, and transcript storage. This matches the stated purpose but may reveal operational or private metadata in the report.
Scans your installation and scores it across six critical categories: context injection, cron health, session bloat, config health, skill bloat, and transcript size.
Review generated reports before sharing them, especially JSON output intended for dashboards or integrations.
